• docker-compose部署ELK

docker-compose部署ELK

cat > docker-compose.yml << EOF
version: '3.7'

services:
    elasticsearch:
        image: elasticsearch:7.17.0
        privileged: true
        container_name: elasticsearch
        volumes:
            - /etc/localtime:/etc/localtime
            - ./es/plugins:/usr/share/elasticsearch/plugins #插件文件挂载，宿主机的./es/plugins目录挂载到容器内的/usr/share里面
            - ./es/data:/usr/share/elasticsearch/data #数据文件挂载
        ports:
            - '9200:9200'
            - '9300:9300'
        restart: always
        environment:
            - 'cluster.name=elasticsearch' #设置集群名称为elasticsearch
            - 'discovery.type=single-node' #以单一节点模式启动
            - 'ES_JAVA_OPTS=-Xms4096m -Xmx4096m' #设置使用jvm内存大小
            - 'discovery.seed_hosts=121.201.97.83' #开启安全功能
            - "xpack.security.enabled=true" #开启安全功能
            - "xpack.security.authc.api_key.enabled=true" #开启安全功能
            - "ELASTIC_PASSWORD=huayu1688" #开启安全功能
        networks:
            - elk
networks:
    elk:
        name: elk
        driver:
            bridge
EOF

sed -i -e 's/1xx.xxx.xxx.xx/你的ip/; s/4096/你要设置的内存大小/' docker-compose.yml
sed -i 's/4096/你要设置的内存大小/' docker-compose.yml

docker-compose up -d

init: true user: 1002:1002

容器能起来，但是运行报错 ERROR: unable to create temporary keystore at [/usr/share/elasticsearch/config/elasticsearch.keystore.tmp], write permissions required for [/usr/share/elasticsearch/config] or run [elasticsearch-keystore upgrade] [WARN tini (7)] Tini is not running as PID 1 and isn't registered as a child subreaper. Zombie processes will not be re-parented to Tini, so zombie reaping won't work. To fix the problem, use the -s option or set the environment variable TINI_SUBREAPER to register Tini as a child subreaper, or run Tini as PID 1.

2. 去掉，不加任何用户

也是运行报错，不一样的是 failed to obtain node locks, tried [[/usr/share/elasticsearch/data]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])?

    logstash:
        image: logstash:7.17.0
        container_name: logstash
        restart: always
        volumes:
            - /etc/localtime:/etc/localtime
            - ./logstash/pipeline/logstash.conf:/usr/share/logstash/config/logstash.conf
        ports:
            - "5044:5044"
        environment:
            - ELASTICSEARCH_HOSTS=http://1xx.xxx.xxx.xx:9200 #设置访问elasticsearch的地址
            - ELASTICSEARCH_USERNAME=elastic #开启安全功能
            - ELASTICSEARCH_PASSWORD=xxxxx #开启安全功能
        links:
            - elasticsearch:es #可以用es这个域名访问elasticsearch服务
        networks:
            - elk
        depends_on:
            - elasticsearch
    kibana:
        image: kibana:7.17.0
        container_name: kibana
        restart: always
        volumes:
            - /etc/localtime:/etc/localtime
        ports:
            - '5601:5601'
        links:
            - elasticsearch:es #可以用es这个域名访问elasticsearch服务
        environment:
            - 'elasticsearch.hosts=http://1xx.xxx.xxx.xx:9200' #设置访问elasticsearch的地址
            - ELASTICSEARCH_USERNAME=elastic #开启安全功能
            - ELASTICSEARCH_PASSWORD=xxxxx #开启安全功能
            - I18N_LOCALE=zh-CN
        networks:
            - elk
        depends_on:
            - elasticsearch

备用

version: '3'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.0
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
      - ELASTIC_PASSWORD=xxxxx
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - ./data:/usr/share/elasticsearch/data
      - ./plugins:/usr/share/elasticsearch/plugins
    networks:
      - elastic

  kibana:
    image: docker.elastic.co/kibana/kibana:7.17.0
    container_name: kibana
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=xxxxxx
    ports:
      - "5601:5601"
    networks:
      - elastic

networks:
  elastic:
    driver: bridge